package com.asimplefox.serurity;

import com.asimplefox.filter.AuthFilter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.session.SessionRegistry;
import org.springframework.security.core.session.SessionRegistryImpl;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

/**
 * @author github-kloping
 */
@Configuration
public class SecurityConfig {

    @Autowired
    AuthFilter authFilter;

    @Bean
    public SessionRegistry sessionRegistry() {
        return new SessionRegistryImpl();
    }

    @Bean
    protected SecurityFilterChain configure(HttpSecurity http) throws Exception {
        SessionRegistry sessionRegistry = sessionRegistry();

        http.sessionManagement(f -> f.maximumSessions(10).sessionRegistry(sessionRegistry));

//        http.formLogin(f -> f.loginPage("/#/login").loginProcessingUrl("/user/login"));

        http.csrf(f -> f.disable());
        http.authorizeHttpRequests(auth -> auth.anyRequest().permitAll());
        http.addFilterBefore(authFilter, UsernamePasswordAuthenticationFilter.class);
        return http.build();
    }
}